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DYNAMIC PREVIEW OF ELECTRONIC SIGNATURE APPEARANCE 

BACKGROUND OF INVENTION 
This invention relates to signing an electronic document. 

An electronic signature is created and verified by means of cryptography. Typically, 
a private key of the signer of an electronic document is used for creating the electronic 
signature and a public key of the signer is used for verifying the electronic signature. A 
recipient of the signed electronic document must have the corresponding public key in order 
to verify that the electronic signature is the signer's. 

In a conventional public-private key implementation, an electronic signature is 
created by using a hash function to compute a result derived from the signed electronic 
document and the signer's private key. If the signed electronic document changes, then the 
hash result will also, with an extremely high probability, change. At the time of signing the 
electronic document, a hash result is computed and then transformed into an electronic 
signature using the signer's private key. The resulting electronic signature is statistically 
unique to both the signed electronic document and the private key used to create it. 
Typically, an electronic signature is attached to or made part of the electronic document and 
stored or transmitted with the electronic document. 

Verification of the electronic signature is accomplished by computing a new hash 
result using the same hash function used in creating the electronic signature. The signer's 
public key is then used to verify whether the electronic signature was created using the 
signer's corresponding private key and whether the newly computed hash result matches the 
hash result derived from the electronic signature. If the signer's private key was used and the 
hash results are identical, then the electronic signature is verified. Verification indicates that 
the electronic signature was created using the signer's private key and that the electronic 
document was not altered after it was signed. 

The term electronic signature will be used to refer to the code derived from the signed 
electronic document and a given private key. An electronic signature appearance is a visual 
manifestation of the signer's signature on the electronic document. An electronic signature 
appearance can include graphic elements and textual elements. For example, the electronic 
signature appearance can include an image of the signer's handwritten signature and text 
indicating the date the electronic document was signed. Because an electronic document 
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cannot be altered after it has been electronically signed without invalidating the electronic 
signature, the signer cannot alter the electronic signature appearance after signing the 
electronic document. If the signer is not satisfied with the appearance of the electronic 
signature on the electronic document, then the signer would have to effectively re-sign 
5 another copy of the electronic document, using an electronic signature appearance 
satisfactory to the signer. 

SUMMARY 

The present invention provides methods and apparatus, including computer program 
products, for signing an electronic document. In general, in one aspect, the invention 
10 features establishing an electronic signature appearance for an electronic signature and 
determining a bounding region on the electronic document for the display of the electronic 
signature appearance. At the time of signing an electronic document, the signer of the 
electronic document previews the electronic signature appearance in the bounding region and 
signs the electronic document with an electronic signature, the electronic signature associated 
15 with the electronic signature appearance. 

Implementations of the invention may include one or more of the following. The 
electronic signature appearance can be configured at the time of signing the electronic 

document. The electronic signature appearance can be configured by a user, and user input 

Ti 

H can be received activating controls for controlling textual and graphic elements included in 
y 20 the electronic signature appearance. The controls can include checkboxes, buttons or both. 

The electronic signature appearance can include textual elements automatically copied from 
a certificate of the signer. 

The preview of the electronic signature appearance can be displayed within the 
bounding region. The preview of the electronic signature appearance can be displayed in a 
25 configuration dialog box within the bounding region, which dialog box can also display the 
controls for controlling textual and graphic elements. Alternatively, a preview of the 
electronic signature appearance can be displayed within the bounding region on a display of 
the electronic document. 

Establishing an electronic signature appearance can include receiving user input 
30 selecting an electronic signature appearance from one or more existing electronic signature 
appearances, interacting with a user to create an electronic signature appearance, or receiving 
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an electronic signature appearance pre-configured by an author of the electronic document to 
be signed. 

Determining a bounding region on the electronic document for the electronic 
signature appearance can include interacting with a user signing the electronic document to 
5 establish the bounding region or establishing a bounding region pre-set by an author of the 
electronic document. An optimal layout of the electronic signature appearance can be 
determined based on the dimensions of the bounding region. Optimal dimensions of the 
bounding region can be determined based on the electronic signature appearance. 
The invention can be implemented to realize one or more of the following 
10 advantages. A signer of an electronic document can preview an electronic signature 
appearance shown to fit within a user-specified bounding region prior to signing the 
electronic document. If the signer is not satisfied with the electronic signature appearance, 
IS! the signer can edit the electronic signature appearance by editing the dimensions of the 

■5!;:;? 

Q bounding region or the graphic and textual elements displayed. Also, the signer can create an 

SI 

ill 15 electronic signature appearance at the time of signing an electronic document and then 

archive the electronic signature appearance for later use. Alternatively, the signer can create 
I II an electronic signature appearance at the time of signing, thus allowing the appearance to be 

H customized for a particular electronic document. 

j y The details of one or more embodiments of the invention are set forth in the 

01 20 accompanying drawings and the description below. Other features and advantages of the 

j!J1 invention will be apparent from the description, the drawings, and the claims. 

DESCRIPTION OF DRAWINGS 
FIG. 1 depicts a computer dialog box for previewing an electronic signature 
appearance in accordance with the invention. 
25 FIG. 2 is a flowchart of a process for creating or editing an electronic signature 

appearance at the time of signing an electronic document. 

FIG. 3 is a flowchart of a process for creating or editing an electronic signature 
appearance to archive. 

Like reference symbols in the various drawings indicate like elements. 
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DETAILED DESCRIPTION 

FIG. 1 shows a configuration signature appearance dialog box 100 displaying a 
preview of an electronic signature appearance 123 shown to fit within a bounding region, as 
the electronic signature will be displayed on an electronic document that has been signed. 
The electronic signature appearance 123 can include a number of textual elements and 
graphical elements. The elements of an electronic signature appearance can be static or 
dynamic, as described in further detail below. 

Some examples of textual elements that can be included in the electronic signature 
appearance 123 are described as follows. The electronic signature appearance 123 can 
include the name of a signer 106 and the date 1 14 and time 1 16 the electronic document was 
signed. Additionally, the electronic signature appearance can include a distinguished name 
108 of the signer, which provides further information to identify the signer in addition to the 
signer's name and can include, for example, an organization the signer belongs to and the 
country of residence of the signer. The location 120 where the electronic document was 
signed can be included in the electronic signature appearance in addition to a reason 1 18 for 
signing the electronic document. The user can be prompted to input the location 120 and the 
reason 1 1 8 at the time of signing. 

An example of a graphical element that can be included in an electronic signature 
appearance is a graphic of a notary public seal 124, which may be necessary for the signer to 
meet legal requirements when signing the electronic document. 

The electronic signature appearance can also include dynamic validity text 128 and a 
validity graphic 126, which provide information about the validity of the electronic signature. 
For example, the validity graphic can be a checkmark if the signature is a valid, a question 
mark if the validity of the electronic signature is unknown, and an X if the electronic 
signature is invalid. The corresponding validity text displayed with the validity graphic can 
be, for example, "signature valid", "validity unknown" and "signature invalid", respectively. 

If a user receives a signed electronic document, the user can click on a signature field 
of the electronic document to validate the electronic signature. For example, in one 
implementation, the method is performed by an application that maintains a certificate 
database associated with a user. The user can access a list of trusted certificates contained in 
the certificate database, which list includes public key certificates of potential signers of 
signed electronic documents the user expects to receive. If the identity of the signer is 



PATENT 

ATTORNEY DOCKET NO.: 07844/494001 

verified as being in the user's list of trusted certificates and the version of the electronic 
document has not been altered since the electronic signature was applied, then the electronic 
signature is validated. In another example, the user can validate the electronic signature 
using a trusted third party, such as a certificate validation authority that can be accessed over 
a network. The user can be notified of the verification status of the electronic signature by 
the display of validity text or a validity graphic, or both. The validity text and validity 
graphic are dynamic in that the application can change their appearance depending on the 
validation of the electronic signature. 

A process for signing an electronic document using a configurable electronic 
signature appearance is shown in FIG. 2. Upon receiving a request by a signer to sign an 
electronic document (205), the signer is prompted to establish a bounding region on the 
electronic document (210) if a bounding region has not already been pre-set by an author of 
the document. The signer can establish the bounding region in any convenient fashion, for 
example, by holding down the mouse button on the electronic document and dragging out the 
area in which the signer would like the electronic signature to appear. The signer thereby 
selects the dimensions and location of the bounding region for the electronic signature 
appearance on the electronic document. 

The signer can be prompted to input information that will form some of the textual 
elements of the electronic signature appearance, if the signer chooses to include such textual 
elements. In one implementation, a dialog box is displayed to the signer requesting the 
signer to provide information, such as, a reason for signing the electronic document, the 
location of signing and contact information for the signer (215). The signer is also presented 
with the option of creating a new electronic signature appearance (220), editing an existing 
electronic signature appearance (220) or using an existing electronic signature appearance 
(230) to sign the electronic document. 

If the signer selects to create an electronic signature appearance, information about 
the signer contained in a public key certificate corresponding to the signer's private key that 
will be used to sign an electronic document is retrieved (225). The configuration signature 
appearance dialog box 100 shown in FIG. 1 is displayed to the signer. A preview of the 
electronic signature appearance, which can include any available information such as the 
signer information retrieved from the public key certificate and the location and reason for 
signing, is displayed within the bounding region (235). 
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If the signer selects to edit an existing electronic signature appearance, the 
configuration signature appearance dialog box 100 is displayed to the signer, with a preview 
of the selected electronic signature appearance displayed within the bounding region (235). 
In one implementation, the signer can access a list of existing electronic signature 

5 appearances through a dialog box and select an electronic signature appearance by 

highlighting an item on the list. If the user has not previously created an electronic signature 
appearance, the list will be empty. Alternatively, an author of the electronic document to be 
signed can include rules that constrain or define the electronic signature appearance with the 
electronic document. The rules can define whether specific attributes are required in the 

10 electronic signature appearance, for example, whether name, date or reason are required to be 
present in the electronic signature appearance. The user can configure either an existing 
electronic signature appearance or a new electronic signature appearance interactively. This 
is done by interacting with checkboxes and buttons displayed within a configure graphic box 
136 and a configure text box 152 within the configuration signature appearance dialog box 

15 100. 

The configure graphic box 136 displays selections to allow the signer to import a 
graphic file (240). The signer can select to include either no graphic 138, an imported 
graphic 140 or the signer's name 142 as the graphic. If the signer selects to import a graphic, 
the signer can select to import a graphic file, for example a PDF (Adobe® Portable 

20 Document Format) file or a file from a portable electronic device, for example, a Palm™ 
organizer. If the signer selects the Graphic Files button 130, a dialog is shown that allows 
the signer to select a file as a graphic source from a set of available files. The Palm organizer 
pop-up 132 allows importing of pictures from a Palm organizer, for example, an image of the 
signer's handwritten signature. If any Palm files are present they are displayed in the Palm 

25 organizer popup 132. 

The configure text box 152 displays checkboxes allowing a signer to select textual 
elements to include in the electronic signature appearance (240). Selecting the name 
checkbox 154 includes the signer's name in the electronic signature appearance, for example 
"Fred Smith" 106 as shown in the electronic signature appearance 123. The date checkbox 

30 1 56 controls the inclusion or exclusion of the date and time that the signer signed the 

electronic document, for example, as shown in the electronic signature appearance 123 at 1 14 
and 116. The location checkbox 158 controls the inclusion or exclusion of the location at 
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which the signer signed the electronic document in the electronic signature appearance, for 
example, "Sunnyvale CA" 120, as shown in the electronic signature appearance 123. 

The reason checkbox 160 controls the inclusion or exclusion of the signer's reason 
for signing the electronic document. In one implementation, the signer is presented with a 
drop down menu with a list of reasons from which the signer can select a reason or 
alternatively the signer can input a reason. One example of such as reason is the phrase 
"This document is ready for approval" 118 displayed as part of the electronic signature 
appearance 123. The distinguished name checkbox 148 controls the inclusion or exclusion of 
the signer's distinguished name in the electronic signature appearance: an example of a 
distinguished name 108 is included in electronic signature appearance 123. 

The validity text checkbox 150 controls the inclusion or exclusion of dynamic 
validity text 128 in the electronic signature appearance. The labels checkbox 144 controls 
the inclusion or exclusion of text describing the elements included in the electronic signature 
appearance, such as the following text included in the electronic signature appearance 123: 
"digitally signed by", "DN", "Date", "Reason" and "Location". If the labels checkbox 144 is 
not checked, then such descriptive text would not be included in the electronic signature 
appearance 123. The logo checkbox 246 controls the inclusion or exclusion of a logo 
displayed in the background of the electronic signature appearance. 

If the signer chooses not to configure the textual elements, the textual elements will 
be set to a predefined default or according to rules defined by the author. For example, the 
predefined default can be set to include all textual elements. 

As the signer selects the graphic and textual elements to include in the electronic 
signature appearance, an optimal layout of the elements to be included in the electronic 
signature appearance is determined (250). In one implementation, the optimal layout is 
determined based on the aspect ratio of the bounding region. For example, if the bounding 
region is more vertical than horizontal, then the elements are stacked vertically. Conversely, 
if the bounding region is more horizontal than vertical, then the elements are stacked 
horizontally. 

A preview of the electronic signature appearance 123 is displayed within the 
bounding region using the determined optimal layout (255). The signature preview is 
updated whenever one of the selections in the configuration signature appearance dialog box 
100 is changed. The preview can be displayed within a window 120 in the configuration 
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signature appearance dialog box 100, as shown in FIG. 1, or in a separate window. 
Alternatively, the preview of the electronic signature appearance 123 can be displayed on a 
display of the electronic document to be signed. 

If the signer is satisfied with the electronic signature appearance 123, the signer can 
5 select to sign the electronic document (260) using the electronic signature appearance 123. 
Signing an electronic document requires the signer's private key, which is typically protected 
using some form of security. For example, the signer can be required to enter a user name 
and password to access the signer's private key to electronically sign a document. Once the 
signer has signed the electronic document, the electronic signature including the electronic 
10 signature appearance 123 is integral to the electronic document, and the electronic signature 
appearance 123 cannot be modified without invalidating the electronic signature. One reason 
h* it is important that the electronic signature appearance 123 become part of the signed 
n electronic document is because the position of the electronic signature appearance 123 
^ relative to other visible elements of the electronic document can have legal or other 
UJ 15 significance. 

Si If the user selects to use - but not edit - an existing electronic signature appearance 

; s . (230), then the electronic document will be signed using the selected electronic signature 

fij appearance (260). 

The signer can archive an electronic signature appearance 123 for later retrieval and 
O 20 use. In one implementation, the signer can enter a title 102 in configuration signature 

appearance dialog box 100 to identify the electronic signature appearance 123 displayed in 
the preview pane 122. 

FIG. 3 shows a process for creating and archiving an electronic signature appearance 
for use at a later time. The process can be executed in an application maintaining security 
25 over electronic signature appearances created and archived. For example, the user can be 
required to authenticate his or herself by entering a user name and secret password, to view 
the user's settings. The user can then view a list of existing electronic signature appearances 
and has the option to create a new electronic signature appearance or edit an existing 
electronic signature appearance is presented to the user. In one implementation, a dialog box 
30 is displayed to the user including a list of existing electronic signature appearances, a new 
button to allow a user to create a new electronic signature appearance, and an edit button to 
allow a user to edit an existing electronic signature appearance (310). User input is received 
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either selecting the new button or highlighting an item on the list and selecting the edit button 
(315). If the user selects to create a new electronic signature appearance, information about 
the user contained in the certificate corresponding to the user's private key is retrieved (320). 
The configuration signature appearance dialog box 100 (FIG. 1) is then displayed to 
5 the user, including a preview display of the selected existing electronic signature appearance 
or the new electronic signature appearance including user information retrieved from the 
certificate corresponding to the user's private key (325). User input is then received 
configuring the graphic elements (330) and the textual elements (335). As the user selects 
the graphic and textual elements to include in the electronic signature appearance, the 
10 optimal layout of the graphic and textual elements is determined (340) and the preview of the 
configured electronic signature appearance is updated (345). Once the user is satisfied with 
the electronic signature appearance, the edited or new electronic signature appearance is 
q stored for later retrieval by the user to sign an electronic document (350). 

;3 A separate signature appearance file can be created for each user. In one 

Hi 

lU 15 implementation, a user's electronic signature appearances can be stored in a database. For 
S example, the database could be implemented as a PDF file. The PDF file can have one page 

-J for each of the user's existing electronic signature appearances. 

□ In one implementation, an electronic signature appearance has layers arranged so that 

a dynamic validity graphic indicating the electronic signature is invalid would not be 
20 obscured by other elements within the electronic signature appearance, in the event the 
m electronic signature is invalid. An electronic signature appearance can have four standard 

layers as follows, with the lower numbered layers being painted first: 
nO - background layer; 

nl - validity layer for presentation of a dynamic validity graphic, for example, a 
25 question mark for validity unknown and a checkmark for valid; 
n2 - static graphic and textual elements; and 

n3 - validity layer for presentation of an invalidity graphic. This layer is above n2 so 
that the invalidity graphic {e.g., an "X") cannot be hidden by layer n2. If the electronic 
signature is valid, this layer is blank. 
30 An additional, optional layer is n4, a text layer for presentation of the dynamic 

validity text, for example, "Signature is valid", "Validity Unknown" or "Signature is 
Invalid". Default values for the layers are stored in an electronic document signed using the 
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electronic signature appearance. For example, the default value for nl can be a question 
mark and the default value for n4 can be "Validity Unknown". When the electronic signature 
is validated, then the electronic signature appearance dynamically changes to reflect the 
validation, and nl becomes a check mark and n4 becomes "Signature is valid", for example. 
5 The invention can implemented in digital electronic circuitry, or in computer 

hardware, firmware, software, or in combinations of them. Apparatus of the invention can be 
implemented in a computer program product tangibly embodied in a machine-readable 
storage device for execution by a programmable processor; and method steps of the invention 
can be performed by a programmable processor executing a program of instructions to 
10 perform functions of the invention by operating on input data and generating output. The 
invention can be implemented advantageously in one or more computer programs that are 
executable on a programmable system including at least one programmable processor 
coupled to receive data and instructions from, and to transmit data and instructions to, a data 
□ storage system, at least one input device, and at least one output device. Each computer 

fj 1 5 program can be implemented in a high-level procedural or object-oriented programming 

language, or in assembly or machine language if desired; and in any case, the language can 
111 be a compiled or interpreted language. Suitable processors include, by way of example, both 

ri general and special purpose microprocessors. Generally, a processor will receive instructions 

[| and data from a read-only memory and/or a random access memory. Generally, a computer 

'■WW t • 1 1 

iff 20 will include one or more mass storage devices for storing data files; such devices include 
Si magnetic disks, such as internal hard disks and removable disks; a magneto-optical disks; and 

optical disks. Storage devices suitable for tangibly embodying computer program 
instructions and data include all forms of non-volatile memory, including by way of example 
semiconductor memory devices, such as EPROM, EEPROM, and flash memory devices; 
25 magnetic disks such as internal hard disks and removable disks; magneto-optical disks; and 
CD-ROM disks. Any of the foregoing can be supplemented by, or incorporated in, ASICs 
(application-specific integrated circuits). 

To provide for interaction with a user, the invention can be implemented on a 
computer system having a display device such as a monitor or LCD screen for displaying 
30 information to the user and a keyboard and a pointing device such as a mouse or a trackball 
by which the user can provide input to the computer system. The computer system can be 
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programmed to provide a graphical user interface through which computer programs interact 
with users. 

The invention has been described in terms of particular embodiments. Other 
embodiments are within the scope of the following claims. For example, the steps of the 
5 invention can be performed in a different order and still achieve desirable results. 

What is claimed is: 
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